CVE-2020-10702

Published: 13 April 2020

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
qemu
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 20.04 LTS (Focal Fossa)
Released (1:4.2-3ubuntu5)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(debian: Vulnerable code introduced later)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist